diff --git a/.gitignore b/.gitignore
index a2fa571..8bea5d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ result
 .direnv/
 book/
 fanny-efi-vars.fd
+nix-store-overlay.img
diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 748396e..f6af913 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -57,6 +57,11 @@ in
 };
 };
+ systemd.tmpfiles.rules = [
+ "L /var/lib/microvms/data - - - - /data/microvms"
+ "d /data/microvms 0755 root root" #not needed for real host?
+ ];
+
 malobeo.initssh = {
 enable = true;
 authorizedKeys = sshKeys.admins;
diff --git a/machines/modules/disko/default.nix b/machines/modules/disko/default.nix
index 6174bf3..9ffd02c 100644
--- a/machines/modules/disko/default.nix
+++ b/machines/modules/disko/default.nix
@@ -252,6 +252,10 @@ in
 type = "zfs_fs";
 mountpoint = "/data";
 };
+ "encrypted/data/microvm" = {
+ type = "zfs_fs";
+ mountpoint = "/data/microvm";
+ };
 reserved = {
 # for cow delete if pool is full
 options = {
diff --git a/machines/modules/host_builder.nix b/machines/modules/host_builder.nix
index 772ce49..c75f6f0 100644
--- a/machines/modules/host_builder.nix
+++ b/machines/modules/host_builder.nix
@@ -70,6 +70,13 @@ rec {
 proto = "virtiofs";
 socket = "var.socket";
 }
+ {
+ source = "/var/lib/microvms/data/${hostName}";
+ mountPoint = "/data";
+ tag = "data";
+ proto = "virtiofs";
+ socket = "microdata.socket";
+ }
 ];
 interfaces = [
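Review bot: In machines/fanny/configuration.nix the new rule `"d /data/microvms 0755 root root"` leaves the directory that holds every guest's `/data` share readable and traversable by any local account on the host. If the virtiofs daemon runs as root here (not visible in this diff), `"d /data/microvms 0700 root root"` would be sufficient, and the per-guest directories below it should be just as tight. The open question in `#not needed for real host?` should be settled in the comment before merge, because whether this path is a plain directory or a dataset mount decides who creates and owns it. The surrounding module body starts and ends outside the hunk.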
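Review bot: The dataset added in machines/modules/disko/default.nix mounts at `/data/microvm`, while the tmpfiles rules in machines/fanny/configuration.nix put the share root at `/data/microvms`, so as written this dataset would never hold the guest data. The shares would instead land on whatever is mounted at `/data`, and any property later set on the dedicated dataset (quota, snapshot policy) would not cover them. If the plural path is the intended one, `mountpoint = "/data/microvms";` brings the two files in line, and the dataset name could follow. The enclosing attribute set starts and ends outside the hunk.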
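Review bot: Nothing in this commit creates the per-guest source directory `/var/lib/microvms/data/${hostName}` for the share added in machines/modules/host_builder.nix; the tmpfiles rules only create the parent `/data/microvms`. Depending on how the virtiofs daemon is started, a missing source presumably either stops the guest from starting or gets created with default ownership and mode, so I would add one rule per guest on the host, of the form `"d /data/microvms/<guest> 0700 root root"`, next to the existing rules. The entry appears to sit in a share list common to every host this builder produces, so each guest receives a writable host directory. A comment such as `# per-guest persistent data; isolation relies on unique hostName` above the entry would record that this is intended. The share list opens outside the hunk.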